acl

package

v4.13.0+incompatible Latest Latest Go to latest Published: Jul 10, 2018 License: GPL-3.0 Imports: 14 Imported by: 10

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/BTrDB/smartgridstore

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func NewACLModule(c *etcd.Client, loggedInUser string) admincli.CLIModule
type ACLEngine
- func NewACLEngine(prefix string, c *etcd.Client) *ACLEngine
type BuiltinUser
type CachedUser
type CachedUserKey
type Capability
type Group
type IdentityProvider
type User
- func (u *User) HasCapability(c string) bool
- func (u *User) HasCapabilityOnPrefix(c string, pfx string) bool

Constants ¶

View Source

const DefaultPrefix = "btrdb"

View Source

const UserCacheTime = 3 * time.Minute

Variables ¶

View Source

var KnownCapabilities = map[string]bool{
	"plotter":    true,
	"api":        true,
	"insert":     true,
	"read":       true,
	"delete":     true,
	"obliterate": true,
	"admin":      true,
}

Functions ¶

func NewACLModule ¶

func NewACLModule(c *etcd.Client, loggedInUser string) admincli.CLIModule

Types ¶

type ACLEngine ¶

type ACLEngine struct {
	// contains filtered or unexported fields
}

func NewACLEngine ¶

func NewACLEngine(prefix string, c *etcd.Client) *ACLEngine

func (*ACLEngine) AddCapabilityToGroup ¶

func (e *ACLEngine) AddCapabilityToGroup(group string, capability string) error

func (*ACLEngine) AddGroup ¶

func (e *ACLEngine) AddGroup(name string) error

func (*ACLEngine) AddPrefixToGroup ¶

func (e *ACLEngine) AddPrefixToGroup(group string, prefix string) error

func (*ACLEngine) AddUserToGroup ¶

func (e *ACLEngine) AddUserToGroup(user string, group string) error

func (*ACLEngine) AuthenticateUser ¶

func (e *ACLEngine) AuthenticateUser(name string, password string) (bool, *User, error)

Returns false, nil, nil if password is incorrect or user does not exist

func (*ACLEngine) AuthenticateUserByKey ¶

func (e *ACLEngine) AuthenticateUserByKey(apikey string) (bool, *User, error)

func (*ACLEngine) CreateDefaultAdminUser ¶

func (e *ACLEngine) CreateDefaultAdminUser(password string) error

func (*ACLEngine) CreateUser ¶

func (e *ACLEngine) CreateUser(username, password string) error

func (*ACLEngine) DeleteGroup ¶

func (e *ACLEngine) DeleteGroup(name string) error

func (*ACLEngine) DeleteUser ¶

func (e *ACLEngine) DeleteUser(username string) error

func (*ACLEngine) GetAPIKey ¶

func (e *ACLEngine) GetAPIKey(username string) (string, error)

func (*ACLEngine) GetAllUsers ¶

func (e *ACLEngine) GetAllUsers() ([]string, error)

func (e *ACLEngine) ConstructUser(groups []string) (*User, error) {
	rv := &User{
		Groups: groups,
	}
	pfxs := make(map[string]bool)
	caps := make(map[string]bool)
	for _, gs := range groups {
		g, err := e.GetGroup(gs)
		if err != nil {
			return nil, err
		}
		for _, p := range g.Prefixes {
			pfxs[p] = true
		}
		for _, p := range g.Capabilities {
			caps[p] = true
		}
	}
	for cap, _ := range caps {
		rv.Capabilities = append(rv.Capabilities, cap)
	}
	for pfx, _ := range pfxs {
		rv.Prefixes = append(rv.Prefixes, pfx)
	}
	return rv, nil
}

func (*ACLEngine) GetBuiltinUser ¶

func (e *ACLEngine) GetBuiltinUser(name string) (*User, error)

func (*ACLEngine) GetGroup ¶

func (e *ACLEngine) GetGroup(name string) (*Group, error)

func (*ACLEngine) GetGroups ¶

func (e *ACLEngine) GetGroups() ([]*Group, error)

func (*ACLEngine) GetIDP ¶

func (e *ACLEngine) GetIDP() (IdentityProvider, error)

func (*ACLEngine) GetPublicUser ¶

func (e *ACLEngine) GetPublicUser() (*User, error)

func (*ACLEngine) RemoveCapabilityFromGroup ¶

func (e *ACLEngine) RemoveCapabilityFromGroup(group string, capability string) error

func (*ACLEngine) RemovePrefixFromGroup ¶

func (e *ACLEngine) RemovePrefixFromGroup(group string, prefix string) error

func (*ACLEngine) RemoveUserFromGroup ¶

func (e *ACLEngine) RemoveUserFromGroup(user string, group string) error

func (*ACLEngine) ResetAPIKey ¶

func (e *ACLEngine) ResetAPIKey(username string) (string, error)

func (*ACLEngine) SetIDP ¶

func (e *ACLEngine) SetIDP(p IdentityProvider) error

func (*ACLEngine) SetPassword ¶

func (e *ACLEngine) SetPassword(username, password string) error

func (*ACLEngine) UserFromAPIKey ¶

func (e *ACLEngine) UserFromAPIKey(apik string) (string, error)

func (*ACLEngine) WatchForAuthChanges ¶

func (e *ACLEngine) WatchForAuthChanges(ctx context.Context) (chan struct{}, error)

type BuiltinUser ¶

type BuiltinUser struct {
	Groups   []string
	Password string
}

type CachedUser ¶

type CachedUser struct {
	User   *User
	Expiry time.Time
}

type CachedUserKey ¶

type CachedUserKey struct {
	Name     string
	Password string
}

type Capability ¶

type Capability string

type Group ¶

type Group struct {
	Name         string
	Prefixes     []string
	Capabilities []string
}

type IdentityProvider ¶

type IdentityProvider string

var IDP_Builtin IdentityProvider = "BuiltIn"

var IDP_Invalid IdentityProvider = "invalid"

var IDP_LDAP IdentityProvider = "LDAP"

type User ¶

type User struct {
	Username string
	Groups   []string
	Password string

	//Calculated at load time
	FullGroups []Group
}

func (*User) HasCapability ¶

func (u *User) HasCapability(c string) bool

func (*User) HasCapabilityOnPrefix ¶

func (u *User) HasCapabilityOnPrefix(c string, pfx string) bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL